Quote:
Originally Posted by xor
First of all, you can indeed no longer trust your email provider if they are forced by law to conspire against you. There is nothing they can do about that.
Second, encrypted IMAP or HTTP connections do not help in this case: they only protect you from outside eavesdroppers. They hide nothing from the email provider and so they do not help against a government forcing the provider to cooperate.
However, encryption properly done on your machine, with only your communication partner (and not the email provider!) holding the decryption key, is practically unbreakable, even by the government infiltrated email provider.
Use PGP or S/MIME and the content of your email is safe! (The subject line, sender, and recipient address are always revealed, though).
But do not rely on web clients provided by your email provider to do the encryption - these will be infiltrated also!
This is what I was trying to get across.
|
Now, I understand you. Of course, there is some leak of information even if the main content of your email is encrypted. The big problem, though, is that almost none of my correspondents are willing to go to the trouble of using client-to-client encryption. I have had PGP keys for such purposes for about 15 years, but (in that time) have used it with less than 1% of my email communications.